Project address: https://github.com/centos-bz/HttpGuard

Requirements: PHP, nginx and Lua must be installed.

The whole environment can be set up in one step with LNMP.

Configure the server environment

Use the LNMP one-click installer to set up the server environment:

wget https://soft.lnmp.com/lnmp/lnmp2.1.tar.gz -O lnmp2.1.tar.gz && tar zxf lnmp2.1.tar.gz && cd lnmp2.1 && ./install.sh lnmp

Configure the Lua environment in LNMP

Edit the lnmp.conf file in the lnmp folder and change the value of Enable_Nginx_Lua to y, as follows:

Enable_Nginx_Lua='y'

Upgrade nginx

Run the following in the lnmp folder:

./upgrade.sh nginx

Configure HttpGuard

First, download HttpGuard (GitHub download or network-disk download).

Download and extract it into the root of the nginx configuration folder, then edit the config.lua file in the HttpGuard folder and set the installation directory to the directory that file is in:

baseDir = '/usr/local/nginx/HttpGuard/'

Enable active defense

Change the state value of JsJumpModules to On:

JsJumpModules = { state = "On" ,verifyMaxFail = 5, keySecret = 'QSjL6p38h9', amongTime = 60 , urlProtect = baseDir.."url-protect/js.txt"},

Generate the dynamic captcha

Enter the captcha folder under the HttpGuard directory and run:

/usr/local/php/bin/php getImg.php

Wait for the dynamic captcha images to be generated; this takes a while.

Add the Lua defense code

Edit nginx's nginx.conf configuration file and add the following lines inside the http block:

lua_package_path "/usr/local/nginx/HttpGuard/?.lua";
lua_shared_dict guard_dict 100m;
init_by_lua_file /usr/local/nginx/HttpGuard/init.lua;
access_by_lua_file /usr/local/nginx/HttpGuard/runtime.lua;
lua_max_running_timers 1;

For example, a complete nginx.conf with the directives in place:

user  www www;

worker_processes auto;
worker_cpu_affinity auto;

error_log /home/wwwlogs/nginx_error.log crit;

pid /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
multi_accept off;
accept_mutex off;
}

http
{
include mime.types;
default_type application/octet-stream;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;

sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";

#limit_conn_zone $binary_remote_addr zone=perip:10m;
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

lua_package_path "/usr/local/nginx/HttpGuard/?.lua";
lua_shared_dict guard_dict 100m;
init_by_lua_file /usr/local/nginx/HttpGuard/init.lua;
access_by_lua_file /usr/local/nginx/HttpGuard/runtime.lua;
lua_max_running_timers 1;
server_tokens off;
access_log off;

server
{
listen 80 default_server reuseport;
#listen [::]:80 default_server ipv6only=on;
server_name _;
index index.html index.htm index.php;
root /home/wwwroot/default;

#error_page 404 /404.html;

# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

include enable-php.conf;

location /lua
{
default_type text/html;
content_by_lua 'ngx.say("hello world")';
}

location /nginx_status
{
stub_status on;
access_log off;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location ~ .*\.(js|css)?$
{
expires 12h;
}

location ~ /.well-known {
allow all;
}

location ~ /\.
{
deny all;
}

access_log /home/wwwlogs/access.log;
}
include vhost/*.conf;
}

Restart the server environment

The changes only take effect after the server environment is restarted:

lnmp restart
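The steps above spread the install path across two files (baseDir in config.lua and the four path-bearing directives in nginx.conf), and the JsJumpModules line carries a keySecret that is printed in this tutorial. The following script is an added example, not part of HttpGuard or the original post; it checks that the two files agree with each other, that active defense is actually switched on, and that keySecret has been changed from the value shown above. The install directory and the nginx.conf path are passed as arguments; the nginx.conf location /usr/local/nginx/conf/nginx.conf is an assumption, since the post never spells it out.

```shell
#!/bin/sh
# Added example, not part of HttpGuard or the original post: post-install
# sanity checks for the layout the post sets up. Usage:
#   sh check_httpguard.sh /usr/local/nginx/HttpGuard /usr/local/nginx/conf/nginx.conf
# (the nginx.conf path above is an assumption; the post does not name it)

# baseDir in config.lua must end with '/' (it is concatenated with
# "url-protect/js.txt") and must point at the directory holding config.lua.
check_basedir() {
    hg_dir="$1"
    cfg="$hg_dir/config.lua"
    [ -f "$cfg" ] || { echo "missing $cfg"; return 1; }
    base=$(sed -n "s/^[[:space:]]*baseDir[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | head -n 1)
    [ -n "$base" ] || { echo "baseDir is not set in $cfg"; return 1; }
    case "$base" in
        */) ;;
        *) echo "baseDir must end with '/': $base"; return 1 ;;
    esac
    [ -f "${base}config.lua" ] || { echo "baseDir $base does not contain config.lua"; return 1; }
    return 0
}

# Active defense is only on when JsJumpModules has state = "On".
check_jsjump_on() {
    cfg="$1/config.lua"
    grep -E -q '^[[:space:]]*JsJumpModules[[:space:]]*=.*state[[:space:]]*=[[:space:]]*"On"' "$cfg" \
        || { echo "JsJumpModules state is not On in $cfg"; return 1; }
    return 0
}

# keySecret is a secret used by JsJumpModules; the value printed in the
# tutorial ('QSjL6p38h9') is public and must not be kept in production.
check_keysecret() {
    cfg="$1/config.lua"
    if grep -E -q "keySecret[[:space:]]*=[[:space:]]*['\"]QSjL6p38h9['\"]" "$cfg"; then
        echo "keySecret in $cfg is the tutorial value; set your own secret"
        return 1
    fi
    return 0
}

# nginx.conf must carry the five directives from the post, and the paths in
# them must match the install directory (changing one file but not the other
# is the usual mistake).
check_nginx_conf() {
    conf="$1"; hg_dir="$2"
    [ -f "$conf" ] || { echo "missing $conf"; return 1; }
    for d in lua_package_path lua_shared_dict init_by_lua_file access_by_lua_file lua_max_running_timers; do
        grep -q "^[[:space:]]*$d[[:space:]]" "$conf" || { echo "directive $d missing from $conf"; return 1; }
    done
    grep -F -q "$hg_dir/?.lua" "$conf" || { echo "lua_package_path does not point at $hg_dir"; return 1; }
    for f in init.lua runtime.lua; do
        [ -f "$hg_dir/$f" ] || { echo "missing $hg_dir/$f"; return 1; }
        grep -F -q "$hg_dir/$f" "$conf" || { echo "$f is not referenced from $conf via $hg_dir"; return 1; }
    done
    return 0
}

# Run every check; exit status is non-zero if any check fails.
run_checks() {
    ok=0
    check_basedir "$1"          || ok=1
    check_jsjump_on "$1"        || ok=1
    check_keysecret "$1"        || ok=1
    check_nginx_conf "$2" "$1"  || ok=1
    [ "$ok" -eq 0 ] && echo "HttpGuard layout looks consistent"
    return "$ok"
}

if [ "$#" -eq 2 ]; then
    run_checks "$1" "$2"
fi
```

Run it after `lnmp restart`; a non-zero exit means one of the files still disagrees with the other or the defaults from this page were left in place. It only inspects files, so it is safe to run repeatedly on a live server.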